Microsoft Internet Explorer "window()" Denial of Service Weakness

secunia.org ^

[frogjerk]

Benjamin Tobias Franz has discovered a weakness in Internet Explorer, which can be exploited by malicious people to cause a DoS (Denial of Service).

The problem is caused due to certain objects not being initialized correctly. This can be exploited to crash a vulnerable browser via some specially crafted JavaScript code called directly when a site has been loaded.

NOTE: It is currently not believed that this issue can be exploited for code execution purposes, but this cannot be ruled out completely.

[frogjerk]

Check out the example and create a file with the code then open it using IE. Real easy to replicate.

[js1138]

So put that web site on the do not revisit list.

I basically don't visit sites that have Flash or Java on the home page. If the home page doesn't load fast, I'm outta there.

Keep that in mind, JR/JR.

[ShadowAce]

[AppyPappy]

I don't go anywhere unless I know the site. 90% of the problems come from people looking for porn or clicking on spam.

[HEY4QDEMS]

Whenever I use IE6, it always quits when I press "alt+F4". hehehe

[Red Badger]

IE and Windows have more holes than a trainload of Swiss cheese........

[D-fendr]

I don't go anywhere unless I know the site.

That would severly limit my use of the internet. Agree with you on the spam and porn part, but I do a lot of searches for information and hit a lot of sites I've never heard of to find it.

[frogjerk]

IE and Windows have more holes than a trainload of Swiss cheese......

<chortle>

[Lazamataz]

90% of the problems come from people looking for porn or clicking on spam.

I've compounded the problem.

I'm always looking for porn spam.

[SengirV]

The simplest solution for Microsoft is to DESTROY JavaScript

[since1868]

where are all the Firefox fans?

[WHBates]

"NOTE: It is currently not believed that this issue can be exploited for code execution purposes, but this cannot be ruled out completely.

LOL, just think about the amount of man-hours spent on addressing the holes caused by fixing the holes. Wow, that gives true meaning to the hole theory. We are crossing boundaries.

[zeugma]

you look for fake porn? I think there are anime sites for that.

[zeugma]

where are all the Firefox fans?

Probably safely surfing the windows users scramble to update their browser. Oh wait. There is no fix for this...

I wonder if this bug affects Outlook too. Most IE vulnerabilities can be exploited through outlook because it is used as it's render engine.

[NoClones]

they're just a little slow getting on board...

kind of like ie was here years ago & on-firefox is just now showing up

[zeugma]

Wow! I just looked at the example, and you ain't kidding. It is really easy to replicate.

Test it Here

I don't understand why people still use IE.

[processing please hold]

where are all the Firefox fans?

I'm here.

[since1868]

Even though I am now using mozzila for 3 weeks I still can not get rid of spyware.

[Wacka]

Who is still stupid enough to use IE on ANY platform?

[pillbox_girl]

So in other words, they've managed to isolate one of the many, many (many many many) ways in which IE can be crashed. And that's suddenly a big security hole we all need to worry about? So if I run across a page with this "exploit", just how am I supposed to tell it apart from any of the other daily occurances of explorer crashing?

Dog bites man.